Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Description
--source include/have_innodb.inc
|
|
CREATE TABLE t1 ( |
pk INT, |
f GEOMETRY NOT NULL, |
PRIMARY KEY (pk), |
UNIQUE KEY (f(8)) |
) ENGINE=InnoDB;
|
ALTER TABLE t1 DROP PRIMARY KEY; |
INSERT INTO t1 VALUES (1, GEOMFROMTEXT('POINT(1 1)')); |
SELECT * FROM t1 ORDER BY pk; |
|
# Cleanup
|
DROP TABLE t1; |
10.5 rel 0af1b0bd |
2020-06-11 16:23:29 4 [ERROR] Table test/t1 has a primary key in InnoDB data dictionary, but not in MariaDB! Have you mixed up .frm files from different installations? See https://mariadb.com/kb/en/innodb-troubleshooting/
|
10.5 debug 6877ef9a |
2020-06-11 16:24:46 4 [ERROR] Table test/t1 has a primary key in InnoDB data dictionary, but not in MariaDB! Have you mixed up .frm files from different installations? See https://mariadb.com/kb/en/innodb-troubleshooting/
|
|
mariadbd: /data/src/10.5/storage/innobase/handler/ha_innodb.cc:10299: virtual void ha_innobase::position(const uchar*): Assertion `len == ref_length' failed.
|
200611 16:24:46 [ERROR] mysqld got signal 6 ;
|
|
#7 0x00007f5b3aa78f12 in __GI___assert_fail (assertion=0x55f62213e90d "len == ref_length", file=0x55f62213a038 "/data/src/10.5/storage/innobase/handler/ha_innodb.cc", line=10299, function=0x55f622149a80 <ha_innobase::position(unsigned char const*)::__PRETTY_FUNCTION__> "virtual void ha_innobase::position(const uchar*)") at assert.c:101
|
#8 0x000055f62184cbe4 in ha_innobase::position (this=0x7f5b040f96f0, record=0x7f5b040f86f8 "\001") at /data/src/10.5/storage/innobase/handler/ha_innodb.cc:10299
|
#9 0x000055f6213dbaec in find_all_keys (thd=0x7f5b04000b18, param=0x7f5b2fffd080, select=0x7f5b040170b8, fs_info=0x7f5b04043280, buffpek_pointers=0x7f5b2fffd2a0, tempfile=0x7f5b2fffd130, pq=0x0, found_rows=0x7f5b04043470) at /data/src/10.5/sql/filesort.cc:889
|
#10 0x000055f6213d9da6 in filesort (thd=0x7f5b04000b18, table=0x7f5b041b4338, filesort=0x7f5b04017288, tracker=0x7f5b04017978, join=0x7f5b040151e8, first_table_bit=1) at /data/src/10.5/sql/filesort.cc:356
|
#11 0x000055f62111a651 in create_sort_index (thd=0x7f5b04000b18, join=0x7f5b040151e8, tab=0x7f5b04016778, fsort=0x7f5b04017288) at /data/src/10.5/sql/sql_select.cc:23884
|
#12 0x000055f6211146ba in st_join_table::sort_table (this=0x7f5b04016778) at /data/src/10.5/sql/sql_select.cc:21613
|
#13 0x000055f621114295 in join_init_read_record (tab=0x7f5b04016778) at /data/src/10.5/sql/sql_select.cc:21552
|
#14 0x000055f62111202d in sub_select (join=0x7f5b040151e8, join_tab=0x7f5b04016778, end_of_records=false) at /data/src/10.5/sql/sql_select.cc:20626
|
#15 0x000055f6211114ee in do_select (join=0x7f5b040151e8, procedure=0x0) at /data/src/10.5/sql/sql_select.cc:20163
|
#16 0x000055f6210e5281 in JOIN::exec_inner (this=0x7f5b040151e8) at /data/src/10.5/sql/sql_select.cc:4475
|
#17 0x000055f6210e43ad in JOIN::exec (this=0x7f5b040151e8) at /data/src/10.5/sql/sql_select.cc:4256
|
#18 0x000055f6210e5ade in mysql_select (thd=0x7f5b04000b18, tables=0x7f5b04013ff8, fields=..., conds=0x0, og_num=1, order=0x7f5b04015060, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f5b040151c0, unit=0x7f5b04004b30, select_lex=0x7f5b04013a00) at /data/src/10.5/sql/sql_select.cc:4680
|
#19 0x000055f6210d559a in handle_select (thd=0x7f5b04000b18, lex=0x7f5b04004a68, result=0x7f5b040151c0, setup_tables_done_option=0) at /data/src/10.5/sql/sql_select.cc:429
|
#20 0x000055f62109abef in execute_sqlcom_select (thd=0x7f5b04000b18, all_tables=0x7f5b04013ff8) at /data/src/10.5/sql/sql_parse.cc:6208
|
#21 0x000055f621091f23 in mysql_execute_command (thd=0x7f5b04000b18) at /data/src/10.5/sql/sql_parse.cc:3939
|
#22 0x000055f62109fa3b in mysql_parse (thd=0x7f5b04000b18, rawbuf=0x7f5b04013960 "SELECT * FROM t1 ORDER BY pk", length=28, parser_state=0x7f5b2fffe520, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:7992
|
#23 0x000055f62108bdc1 in dispatch_command (command=COM_QUERY, thd=0x7f5b04000b18, packet=0x7f5b040086b9 "", packet_length=28, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:1875
|
#24 0x000055f62108a4f9 in do_command (thd=0x7f5b04000b18) at /data/src/10.5/sql/sql_parse.cc:1356
|
#25 0x000055f62122ee8f in do_handle_one_connection (connect=0x55f6245e9e98, put_in_cache=true) at /data/src/10.5/sql/sql_connect.cc:1411
|
#26 0x000055f62122ebf7 in handle_one_connection (arg=0x55f6245e9e98) at /data/src/10.5/sql/sql_connect.cc:1313
|
#27 0x000055f6217661a0 in pfs_spawn_thread (arg=0x55f6244c7db8) at /data/src/10.5/storage/perfschema/pfs.cc:2201
|
#28 0x00007f5b3ca014a4 in start_thread (arg=0x7f5b2ffff700) at pthread_create.c:456
|
#29 0x00007f5b3ab35d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
|
10.5 6877ef9a asan |
==31683==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6190000dfdb8 at pc 0x5558bcbabe5f bp 0x7fc475b5f6e0 sp 0x7fc475b5f6d8
|
READ of size 4 at 0x6190000dfdb8 thread T12
|
#0 0x5558bcbabe5e in ha_innobase::position(unsigned char const*) /data/src/10.5/storage/innobase/handler/ha_innodb.cc:10295
|
#1 0x5558bc1721c7 in find_all_keys /data/src/10.5/sql/filesort.cc:889
|
#2 0x5558bc16e617 in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /data/src/10.5/sql/filesort.cc:356
|
#3 0x5558bbb7a66b in create_sort_index(THD*, JOIN*, st_join_table*, Filesort*) /data/src/10.5/sql/sql_select.cc:23884
|
#4 0x5558bbb6a738 in st_join_table::sort_table() /data/src/10.5/sql/sql_select.cc:21613
|
#5 0x5558bbb69c44 in join_init_read_record(st_join_table*) /data/src/10.5/sql/sql_select.cc:21552
|
#6 0x5558bbb6394d in sub_select(JOIN*, st_join_table*, bool) /data/src/10.5/sql/sql_select.cc:20626
|
#7 0x5558bbb61e6c in do_select /data/src/10.5/sql/sql_select.cc:20163
|
#8 0x5558bbaf719c in JOIN::exec_inner() /data/src/10.5/sql/sql_select.cc:4475
|
#9 0x5558bbaf4a85 in JOIN::exec() /data/src/10.5/sql/sql_select.cc:4256
|
#10 0x5558bbaf856a in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.5/sql/sql_select.cc:4680
|
#11 0x5558bbacdea1 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.5/sql/sql_select.cc:429
|
#12 0x5558bba4eb31 in execute_sqlcom_select /data/src/10.5/sql/sql_parse.cc:6208
|
#13 0x5558bba3f557 in mysql_execute_command(THD*) /data/src/10.5/sql/sql_parse.cc:3939
|
#14 0x5558bba588a9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.5/sql/sql_parse.cc:7992
|
#15 0x5558bba331bc in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.5/sql/sql_parse.cc:1875
|
#16 0x5558bba3003f in do_command(THD*) /data/src/10.5/sql/sql_parse.cc:1356
|
#17 0x5558bbdeba4a in do_handle_one_connection(CONNECT*, bool) /data/src/10.5/sql/sql_connect.cc:1411
|
#18 0x5558bbdeb4b9 in handle_one_connection /data/src/10.5/sql/sql_connect.cc:1313
|
#19 0x5558bc9d01dc in pfs_spawn_thread /data/src/10.5/storage/perfschema/pfs.cc:2201
|
#20 0x7fc4858a24a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
|
#21 0x7fc4839d6d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
|
|
AddressSanitizer can not describe address in more detail (wild memory access suspected).
|
SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.5/storage/innobase/handler/ha_innodb.cc:10295 in ha_innobase::position(unsigned char const*)
|
Shadow bytes around the buggy address:
|
0x0c3280013f60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280013f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280013f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280013f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280013fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
=>0x0c3280013fb0: fa fa fa fa fa fa fa[fa]fa fa fa fa fa fa fa fa
|
0x0c3280013fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280013fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280013fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280013ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280014000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Thread T12 created by T0 here:
|
#0 0x7fc485ae8f59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
|
#1 0x5558bc9cb29e in my_thread_create /data/src/10.5/storage/perfschema/my_thread.h:34
|
#2 0x5558bc9d05cb in pfs_spawn_thread_v1 /data/src/10.5/storage/perfschema/pfs.cc:2252
|
#3 0x5558bb778757 in inline_mysql_thread_create /data/src/10.5/include/mysql/psi/mysql_thread.h:1321
|
#4 0x5558bb78b489 in create_thread_to_handle_connection(CONNECT*) /data/src/10.5/sql/mysqld.cc:5951
|
#5 0x5558bb78b9fe in create_new_thread(CONNECT*) /data/src/10.5/sql/mysqld.cc:6010
|
#6 0x5558bb78bbbb in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.5/sql/mysqld.cc:6075
|
#7 0x5558bb78c59e in handle_connections_sockets() /data/src/10.5/sql/mysqld.cc:6202
|
#8 0x5558bb78adef in mysqld_main(int, char**) /data/src/10.5/sql/mysqld.cc:5620
|
#9 0x5558bb776f4f in main /data/src/10.5/sql/main.cc:25
|
#10 0x7fc48390e2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
|
|
==31683==ABORTING
|
200611 16:25:39 [ERROR] mysqld got signal 6 ;
|
This could be because you hit a bug. It is also possible that this binary
|
or one of the libraries it was linked against is corrupt, improperly built,
|
or misconfigured. This error can also be caused by malfunctioning hardware.
|
|
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
|
|
We will try our best to scrape up some info that will hopefully help
|
diagnose the problem, but since we have already crashed,
|
something is definitely wrong and this may fail.
|
|
Server version: 10.5.4-MariaDB-debug-log
|
key_buffer_size=1048576
|
read_buffer_size=131072
|
max_used_connections=1
|
max_threads=153
|
thread_count=2
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 63704 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
Thread pointer: 0x62b00007e288
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7fc475b629a0 thread_stack 0x5fc00
|
??:0(backtrace)[0x7fc485b05681]
|
/data/bld/10.5-asan/bin/mariadbd(my_print_stacktrace+0xb5)[0x5558bd4af024]
|
mysys/stacktrace.c:306(my_print_stacktrace)[0x5558bc183c5e]
|
??:0(__restore_rt)[0x7fc4858ac0e0]
|
linux/raise.c:51(__GI_raise)[0x7fc483920fff]
|
stdlib/abort.c:91(__GI_abort)[0x7fc48392242a]
|
??:0(__sanitizer_cov_trace_switch)[0x7fc485b93329]
|
??:0(__asan_print_accumulated_stats)[0x7fc485b889ab]
|
??:0(__asan_unpoison_intra_object_redzone)[0x7fc485b82b57]
|
??:0(__asan_report_load4)[0x7fc485b83308]
|
/data/bld/10.5-asan/bin/mariadbd(+0x2b19e5f)[0x5558bcbabe5f]
|
handler/ha_innodb.cc:10295(ha_innobase::position(unsigned char const*))[0x5558bc1721c8]
|
sql/filesort.cc:890(find_all_keys(THD*, Sort_param*, SQL_SELECT*, SORT_INFO*, st_io_cache*, st_io_cache*, Bounded_queue<unsigned char, unsigned char>*, unsigned long long*))[0x5558bc16e618]
|
sql/filesort.cc:356(filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long))[0x5558bbb7a66c]
|
sql/sql_select.cc:23884(create_sort_index(THD*, JOIN*, st_join_table*, Filesort*))[0x5558bbb6a739]
|
sql/sql_select.cc:21613(st_join_table::sort_table())[0x5558bbb69c45]
|
sql/sql_select.cc:21552(join_init_read_record(st_join_table*))[0x5558bbb6394e]
|
sql/sql_select.cc:20626(sub_select(JOIN*, st_join_table*, bool))[0x5558bbb61e6d]
|
sql/sql_select.cc:20163(do_select(JOIN*, Procedure*))[0x5558bbaf719d]
|
sql/sql_select.cc:4475(JOIN::exec_inner())[0x5558bbaf4a86]
|
sql/sql_select.cc:4257(JOIN::exec())[0x5558bbaf856b]
|
sql/sql_select.cc:4682(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5558bbacdea2]
|
sql/sql_select.cc:429(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5558bba4eb32]
|
sql/sql_parse.cc:6208(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5558bba3f558]
|
sql/sql_parse.cc:3939(mysql_execute_command(THD*))[0x5558bba588aa]
|
sql/sql_parse.cc:7992(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5558bba331bd]
|
sql/sql_parse.cc:1877(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5558bba30040]
|
sql/sql_parse.cc:1356(do_command(THD*))[0x5558bbdeba4b]
|
sql/sql_connect.cc:1411(do_handle_one_connection(CONNECT*, bool))[0x5558bbdeb4ba]
|
sql/sql_connect.cc:1315(handle_one_connection)[0x5558bc9d01dd]
|
nptl/pthread_create.c:456(start_thread)[0x7fc4858a24a4]
|
x86_64/clone.S:99(clone)[0x7fc4839d6d0f]
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x62b0000772a8): SELECT * FROM t1 ORDER BY pk
|
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off
|
|
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
|
information that should help you find out what is causing the crash.
|
Writing a core file...
|
Working directory at /dev/shm/var_auto_KdVd/mysqld.1/data
|
Resource Limits:
|
Limit Soft Limit Hard Limit Units
|
Max cpu time unlimited unlimited seconds
|
Max file size unlimited unlimited bytes
|
Max data size unlimited unlimited bytes
|
Max stack size 8388608 unlimited bytes
|
Max core file size 0 0 bytes
|
Max resident set unlimited unlimited bytes
|
Max processes 128123 128123 processes
|
Max open files 1024 1024 files
|
Max locked memory 65536 65536 bytes
|
Max address space unlimited unlimited bytes
|
Max file locks unlimited unlimited locks
|
Max pending signals 128123 128123 signals
|
Max msgqueue size 819200 819200 bytes
|
Max nice priority 0 0
|
Max realtime priority 0 0
|
Max realtime timeout unlimited unlimited us
|
Core pattern: core
|
Not reproducible on 10.4.